List of required IAM permissions to `apply`

Open mbattifarano opened this issue 8 years ago • 3 comments

It'd be great if the docs listed the minimum set of AWS permissions needed to run `gordon apply`. The permissions I eventually got to work are:

iam:*
s3:*
cloudformation:*
lambda:*

I'm happy to open a PR to update the docs, but I wanted to get some feedback on the list. In particular, if any of the permissions can be more specific.

mbattifarano avatar Feb 09 '17 20:02 mbattifarano

Agreed. Great idea to add to docs - assuming that is all that is needed.

ericdmoore avatar Mar 09 '17 22:03 ericdmoore

A minimal permission set would be very helpful. For example, iam:* is excessively broad: it allows creating users, adding users to groups, changing passwords etc.

candlerb avatar Aug 18 '17 11:08 candlerb
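
Added example, not part of the thread and not gordon's code: a small Python check that reports which service-wide wildcards a policy grants and which of the identity-management actions named in the comment above they cover. Both policy documents are constructed; `Resource: "*"` and the narrower `NARROW` grant are assumptions for illustration, not a verified minimal set for gordon.

```python
import json
import re

# Constructed policy: the four grants listed in the issue. Resource "*" is an assumption.
BROAD = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Resource": "*",
                 "Action": ["iam:*", "s3:*", "cloudformation:*", "lambda:*"]}]
}""")

# Hypothetical narrower grant for contrast only; NOT a verified minimal set for gordon.
NARROW = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{"Effect": "Allow", "Resource": "*",
                 "Action": ["iam:GetRole", "iam:PassRole", "lambda:*"]}]
}""")

# IAM actions behind the comment's examples: create users, add users to groups, set passwords.
SENSITIVE = ["iam:CreateUser", "iam:AddUserToGroup", "iam:UpdateLoginProfile"]

def action_matches(pattern, action):
    """IAM action matching: case-insensitive, '*' = any run, '?' = one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, action, re.IGNORECASE) is not None

def allow_patterns(policy):
    """Yield every Action pattern from Allow statements.
    Simplification: Deny, NotAction and Condition are not evaluated."""
    stmts = policy["Statement"]
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") == "Allow":
            action = stmt.get("Action", [])
            yield from ([action] if isinstance(action, str) else action)

def granted_sensitive(policy, sensitive=SENSITIVE):
    """Map each Allow pattern to the sensitive actions it covers."""
    hits = {}
    for pattern in allow_patterns(policy):
        matched = [a for a in sensitive if action_matches(pattern, a)]
        if matched:
            hits[pattern] = matched
    return hits

def service_wildcards(policy):
    """Allow patterns that grant every action of a service (or of all services)."""
    return [p for p in allow_patterns(policy) if p == "*" or p.endswith(":*")]

if __name__ == "__main__":
    for name, policy in (("broad", BROAD), ("narrow", NARROW)):
        print(name, service_wildcards(policy), granted_sensitive(policy))
```
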

There is some excellent work in this area at https://github.com/serverless/serverless/issues/1439

candlerb avatar Sep 20 '17 19:09 candlerb